Stuxnet cyberattack: Does new WikiLeaks cable shed light on who did it?

A German expert urged the US to adopt 'a policy of covert sabotage' of the Iran nuclear program, states a diplomatic cable released by WikiLeaks. Big caveat: Stuxnet worm predates the cable.

IIPA,Ebrahim Norouzi/AP

A worker stands at the entrance of the reactor of Bushehr nuclear power plant, outside the southern city of Bushehr, Iran. Iran's nuclear chief said Tuesday Nov. 23, 2010 that a malicious computer worm known as Stuxnet has not harmed the country's atomic program and accused the West of trying to sabotage it.

A Jan. 21, 2010, confidential cable released Tuesday by WikiLeaks reveals that Philip Murphy, US ambassador to Germany, informed American officials that the expert had advised that, from a German point of view, "covert sabotage (unexplained explosions, accidents, computer hacking etc) would be more effective than a military strike whose effects in the region could be devastating."

On its face, the new WikiLeaks cable seems to fall in line with recent news reports alleging US involvement in the deployment of Stuxnet, the world's first known cyber super weapon, The Stuxnet computer worm is reported to have seriously damaged about one-fifth of the centrifuge systems in Iran's nuclear fuel-enrichment program.

"This WikiLeaks cable really does not add anything to the argument for US involvement," Baker says. "I just don't think the US would have been inspired by a diplomatic cable to take action of this sort. Beside that, the timing is all wrong. His advice comes well after Stuxnet was released."

The Wikileaks document's significance may be to show that the US would probably have had support from an ally for a cyberattack – if it chose to launch one, he says.

The notion that the US or Israel – or possibly China or India – had a motive to attempt cybersabotage of Iran's nuclear program has been detailed since September, when Stuxnet was first identified as a cyberweapon.

Like recent news reports, many early accounts of Stuxnut also conjectured that the US or Israel was responsible. In one report, for instance, Stuxnet source code was widely reported to have within it references to Myrtus, the Hebrew word for Esther, a biblical heroine that saved Israel. Other words and dates also suggested Israeli involvement.

Yet it was also possible that such "clues" were a bit of mischievous misdirection by an unknown party, cybersecurity experts have noted. As yet, there is no smoking gun tying Stuxnet to the US, even if there are many reasons an Iranian adversary might give cybersabotage a try, Baker says.

"Cyberweapons certainly do have advantages: deniability, stealth, and an ability to target facilities." he says. "But even if that's all true, the fact is that such weapons can be used by all sides. We have to ask ourselves what we will do if an equally sophisticated weapon is used against us. That's troubling because we [in the US] clearly don't have a good defense against this kind of attack."